When handling a security incident, there will be lots of information that needs to be processed and analyzed. An ideal security incident response platform should be able to do the following:
- Receive alerts and security events from different sources (SIEM, IDS, email)
- Provide case management that lets a security analyst attach related logs, IOCs, or findings throughout the incident handling life cycle
- Correlate its findings with external threat intelligence, such as VirusTotal, to determine whether a file, hash, domain, or IP address is malicious
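The three capabilities above in miniature, as an added example that is not TheHive's own code: alerts from a SIEM, an IDS and an email gateway (constructed sample data) are merged into one case, their observables are typed and deduplicated, and a constructed local reputation table stands in for an external service such as VirusTotal.

```python
import re
from dataclasses import dataclass, field

# Constructed sample alerts from three different sources (SIEM, IDS, email gateway).
SAMPLE_ALERTS = [
    {"source": "siem", "title": "Suspicious outbound connection",
     "observables": ["198.51.100.23", "bad-update.example"]},
    {"source": "ids", "title": "Beacon signature match",
     "observables": ["198.51.100.23"]},
    {"source": "email", "title": "Phishing attachment",
     "observables": ["d41d8cd98f00b204e9800998ecf8427e", "bad-update.example"]},
]

# Constructed, offline stand-in for an external reputation lookup (e.g. VirusTotal).
FAKE_REPUTATION = {"198.51.100.23": "malicious", "bad-update.example": "malicious"}

def observable_type(value):
    """Classify an observable as ip, hash or domain (simplified, hypothetical rules)."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", value):
        return "ip"
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", value):
        return "hash"
    return "domain"

@dataclass
class Case:
    title: str
    sources: set = field(default_factory=set)
    observables: dict = field(default_factory=dict)  # value -> type, seen_in, reputation

    def add_alert(self, alert):
        """Attach an alert's observables to the case, deduplicating by value."""
        self.sources.add(alert["source"])
        for value in alert["observables"]:
            entry = self.observables.setdefault(
                value, {"type": observable_type(value), "seen_in": set(), "reputation": "unknown"})
            entry["seen_in"].add(alert["source"])

    def enrich(self, reputation_lookup):
        """Tag every observable with the verdict of the external reputation source."""
        for value, entry in self.observables.items():
            entry["reputation"] = reputation_lookup.get(value, "unknown")
        return self

    def corroborated(self):
        """Observables reported by more than one source: the analyst's strongest pivots."""
        return sorted(v for v, e in self.observables.items() if len(e["seen_in"]) > 1)

def build_case(alerts, reputation_lookup):
    case = Case(title="Incident: " + alerts[0]["title"])
    for alert in alerts:
        case.add_alert(alert)
    return case.enrich(reputation_lookup)
```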
The open source tool TheHive provides such a security incident response management platform. TheHive can also work with ...